R-CISC Summit Highlights Importance of Collaboration in Securing Retail

NCCoE leads workshop to help further refine scope of NCCoE retail projects

NCCoE Senior Security Engineer Bill Newhouse leads a collaborative workshop discussing retail and payment ecosystem challenges to inform upcoming NCCoE projects at the 2016 R-CISC Retail Cyber Intelligence Summit.

Last week, the National Cybersecurity Center of Excellence (NCCoE) presented at the 2016 Retail Cyber Intelligence Summit in Chicago. Hosted by the Retail Cyber Intelligence Sharing Center (R-CISC), a nonprofit resource for retailers that collects and shares threat intelligence in a safe and secure way, this two-day event brought together nearly 200 information security leaders representing many prominent retail and consumer services organizations.

Sessions featured innovative thought leaders, industry experts, and interactive workshops. One theme was repeated throughout the conference: collaboration is key to meeting, and remaining a step ahead of, current and future retail security challenges and threats.

 

“Sharing is Caring”

During the opening keynote, “A Vision for the Future: How Retailers Will Shape the Industry,” R-CISC board members agreed that the best way to secure the industry was to engage in information sharing and collaboration with partners and competitors alike.

“We need to get everyone to the table,” noted Bill Dennings, EVP, Chief Compliance, Risk & Security Officer at Uphold. He emphasized that information sharing on how to process intelligence is just as critical as sharing data, noting that these details are not competitive advantages and can ultimately help secure the vitality of the industry.  

The session “Becoming the Borg: Strategies for Collective Threat Defense” explored this concept further, with Dennings moderating a conversation with Daniel Conroy, CISO for Synchrony Financial, and David McLeod, CISO of JCPenney. McLeod noted that threats are rapidly increasing, and that using collaboration to build a structured solution is the most effective way to combat them. “With the unknown bucket getting bigger, talking to others is going to become more and more of my job,” he said.

Conroy suggested that companies looking to collaborate should start by sharing information internally, then bring in their partners and clients, but ultimately expand to their competitors through groups like R-CISC. “A rhythm will start to take off and we all save money,” he explained.

A focus on information sharing was echoed in Monday’s closing keynote. Alex Stamos, CSO of Facebook, shared his lessons learned for securing systems at scale and his advice on collaboration: “We’re all in this together from a defense perspective—our adversaries are sharing,” he noted. “Sharing is caring.”

 

A Step Further—Collaborating for Solutions

Information sharing is crucial to ensuring a secure retail environment. Another important piece of the equation is using this shared information to solve cybersecurity challenges. The NCCoE is helping to lead the charge.

The NCCoE is a collaborative hub where businesses, government agencies, and academia work together to address broad cybersecurity problems of national importance. As part of the National Institute of Standards and Technology (NIST), the NCCoE uses standards, best practices, and commercially available technologies to demonstrate how cybersecurity can be applied in the real world.

At the R-CISC Summit, NCCoE Senior Security Engineer Bill Newhouse led a collaborative workshop discussing two upcoming NCCoE projects in the retail sector. Participants shared their retail and payment ecosystem challenges and expertise to help further refine the projects’ scopes.

Today, the NCCoE published these scopes in two new Project Descriptions: Multifactor Authentication for e-Commerce and Securing Non-Credit Card, Sensitive Consumer Data. The NCCoE is seeking feedback on the relevance and feasibility of these draft documents and will revise them based on stakeholder comments. The comment period closes June 3, 2016. Visit the Multifactor Authentication for e-Commerce and Securing Non-Credit Card, Sensitive Consumer Data project pages to download the Project Descriptions and submit feedback.

The NCCoE encourages retailers and technology vendors to collaborate in this critical space. If you are interested in participating, please join our Community of Interest by emailing consumer-nccoe@nist.gov.

For updates on the NCCoE’s Retail Sector projects, sign up for our newsletter.